two factor authentication: your best defensetwo-factor authentication. meaning when you log into a...
TRANSCRIPT
![Page 1: Two Factor Authentication: Your Best Defensetwo-factor authentication. Meaning when you log into a service on the internet, not only will it ask for your password, but it will also](https://reader031.vdocuments.us/reader031/viewer/2022011916/5fe1a8b52fd14267d07c610c/html5/thumbnails/1.jpg)
Page 1 Security Awareness Q2 2020
Passwords are frequently hacked, whether it is
through brute forcing or phishing attacks, pass-
words can be scooped up by scammers fairly easily.
What you really need is a second way to verify
yourself. That's why many internet services offer
two-factor authentication. Meaning when you log
into a service on the internet, not only will it ask for
your password, but it will also verify you are who
you say you are through the use of your mobile de-
vice's phone number.
Typically a PIN number or one time use
code will be sent to your phone, which can be used
only once, and is a great added layer of security
you can use against fraudulent actors attempting to
compromise websites or devices that you regularly
sign on to.
If you use Google or Facebook you have no
doubt already encountered two-factor authentica-
tion (2FA). Implementing two-factor authentication
typically takes slightly longer to log in each time on
a new device, but worth it in the long run to avoid
identity theft, or stolen credentials. Being more se-
cure sometimes means sacrificing ease of access
and comfort, but malicious actors count on you be-
ing lax in protecting yourself, so never take that
chance.
Don’t think it’ll happen to you? So-called
‘credential stuffing’ or brute-force attacks can make
it easy for hackers to break in and hijack people’s
online accounts in bulk. That happens all the
time. Dunkin’ Donuts, Warby Parker, GitHub,
AdGuard, the State Department — and even Apple
iCloud accounts have all fallen victim to credential-
stuffing attacks in recent years. Adding 2FA to your
accounts is another layer of security to help prevent
these type of automated log-in attacks. Two-factor
authentication also provides another layer of defense
against malicious phishing emails. If someone sends
you a phishing email that sends you to a false website
trying to trick you into logging in with your Google or
Facebook username and password, 2FA can still pro-
tect you. Only the legitimate site will send you a
working two-factor code which means you’ll know
you’re on a fake site when you don’t go through the
2FA login steps each time. Consider turning on 2FA
for all the sites that you access that supports it.
https://techcrunch.com/2018/12/25/cybersecurity-101-guide-
two-factor/
Two Factor Authentication: Your Best Defense
Page 1 Security Awareness Q2 2020
![Page 2: Two Factor Authentication: Your Best Defensetwo-factor authentication. Meaning when you log into a service on the internet, not only will it ask for your password, but it will also](https://reader031.vdocuments.us/reader031/viewer/2022011916/5fe1a8b52fd14267d07c610c/html5/thumbnails/2.jpg)
Page 2 Security Awareness Q2 2020
Why You Should Turn Off Your
Bluetooth When It’s Not In Use?
Many people who frequently use Bluetooth speakers, headphones, or other Bluetooth friendly devices typically leave their bluetooth signal turned on out of ease of convenience. Statistics say 40%-50% of people leave their Bluetooth on which leaves them open and vulnerable to many attacks.
A security company called Armis has found a collection of eight exploits, collectively called ‘BlueBorne’, that can allow an attacker to access to your phone without touching it in less than 10 seconds. Hackers can then run malicious code while staying practically invisible, and will have full control over the device without any user interaction. The first way to keep yourself safe is to only enable Bluetooth if strictly necessary. Keep in mind that most Bluetooth-enabled headphones also support wired analog audio.
Second, keep your device non-discoverable. Most are only discoverable if you enter the Bluetooth scanning menu. Nevertheless, some older phones might be discoverable permanently.
The attacker has to know your device's Bluetooth MAC address, or network-interface identifier. Bluetooth devices generally broadcast the MAC address only when they want to be found by other devices, and you can turn that off.
Go into your device’s settings, find the wireless or Bluetooth settings, and disable "Discoverable" if you can. You'll still be able to link to Bluetooth devices you've already paired with, but not to new Bluetooth devices.
Rest easy, this flaw has not been exploited in the wild, and its discoverers are keeping the details under wraps for the time being so that malicious actors won’t be able to start exploiting it right away.
Just know that malicious actors are already reverse-engineering this month's patch to try to
find what got fixed and how to exploit it. Stay one step ahead of them!
https://techcrunch.com/2017/09/12/new-bluetooth-vulnerability-can-hack-a-phone-in-ten-seconds/
![Page 3: Two Factor Authentication: Your Best Defensetwo-factor authentication. Meaning when you log into a service on the internet, not only will it ask for your password, but it will also](https://reader031.vdocuments.us/reader031/viewer/2022011916/5fe1a8b52fd14267d07c610c/html5/thumbnails/3.jpg)
Page 3 Security Awareness Q2 2020
Most people have a cell phone and other devices to manage work and their personal business. If you use a cellphone, a work
computer, a tablet, and a home computer, ALWAYS make sure these devices have unique logon passwords. Besides making
the passwords unique, make sure to they are at least 8 characters long, but consider 12-17 characters where feasible to im-
prove your security posture. Best practices for password composition should include two upper case letters, two numbers, and
two symbols where your devices allow. Keep your passwords secure, or consider using a password manager to help manage all
the passwords you use regularly. Don’t be an easy target for malicious actors!